Microsoft sweetens reward as another worm strikes
- By William Jackson
- Jan 30, 2004
Another day, another virus. A new version of the Mimail worm is making the rounds, this time phishing for victims' credit card numbers.
Antivirus experts at Network Associates Inc. of Santa Clara, Calif., on Thursday upgraded the Mimail.s worm from a low to a medium threat because of the growing number of infections.
Meanwhile, Microsoft Corp. offered a $250,000 reward for the arrest and conviction of the author of the MyDoom.b virus, released earlier this week to target the Microsoft Web site as well as that of SCO Group Inc. of Lindon, Utah, with a denial-of-service attack.
'This worm is a criminal attack,' Microsoft general counsel Brad Smith said. 'Microsoft wants to help the authorities catch this criminal.'
The reward is the third offered from a $5 million fund Microsoft established last November. Rewards of $250,000 each also are outstanding for authors of the MSBlast.a worm and the Sobig virus. So far, Microsoft has offered rewards only for malicious code targeting itself.
Interpol accepts tips through national offices in its 181 member countries and through its site, at www.interpol.int. Tips also can go to any FBI or Secret Service field office or to the FBI's Internet Fraud Complaint Center, at www.ifccfbi.gov.
SCO earlier this week offered a $250,000 reward for the author of MyDoom.a. Both versions of MyDoom are expected to launch a denial-of-service attack against that company's site Feb. 1, and the b variant will attack Microsoft Feb. 3.
MyDoom.a, discovered Monday, quickly became one of the fastest-spreading e-mail worms. The first variant appeared Wednesday, and antivirus researchers believe computers infected by the first version might have been used to spread the variant. Both versions infect host computers when an executable attachment is opened. They leave back doors for remote exploitation and mass-mail themselves to e-mail addresses harvested from compromised computers.
According to Network Associates, the new version of Mimail also spreads itself by e-mail with its own Simple Mail Transfer Protocol engine. The subject line reads, 'Here is the file you asked for,' and the body reads, 'Hi! Here is the file you asked for!' The attachment is titled 'document' with a variety of file extensions.
'This displays a fake Microsoft licensing window,' Network Associates said. It tells the user a Windows license has expired and asks for a credit card number, expiration date and personal ID number.
As with MyDoom, the recipient must run the attachment to become infected.
William Jackson is a Maryland-based freelance writer.